Private Equity Blog
Search This Blog  Follow Us On Twitter Follow Us On YouTube
Subscribe:Subscribe to our RSS Feed  Get Email Alerts About New Posts
Share Print View
Hot Topics in the Middle Market > Categories
Patience: A virtue even in deal-making

In the deal world, speed is prized and often, a key tool in establishing a competitive advantage.  A quick response can signal the extent of a party’s interest, and executing a transaction expeditiously can be beneficial and sometimes, necessary to protect one’s leverage position (e.g., sellers in an auction setting).

However, patience can also be a valuable tool, particularly for family offices and the unique benefits that arise from their more “patient capital.”

As anyone involved in a recent auction process can attest to, it is a seller’s market. With all the “dry powder” waiting in the wings, rising multiples and seemingly shrinking supply of quality assets, the current environment for deal-making has become intensely competitive. Along with that, the question of – how to win deals and/or source proprietary deals – has grown in prominence, not only for traditional sponsors but also for family offices, given the growing trend of family offices making direct investments.

Much ink has been spilled on the answer to this question, and a comprehensive answer is beyond the scope of this article. Suffice it to say, the answer lies in a combination of different factors including the fundamental economics (i.e., being the highest bidder), existing relationships, and specialized or industry knowledge.

That said, one key competitive advantage for family offices is the more patient or long-term nature of their capital. Traditional sponsors typically have a four- to seven-year holding period that’s driven by the need to deliver a return within that timeframe to their limited partners. However, family offices are able to invest with substantially longer holding periods because their capital does not face the same kind of expiration date, and their investment goals stretch well beyond the next four to seven years.

Often, sellers will have concerns regarding the long-term legacy of the business, retention of the employees and “slash and burn” approach of compromising long-term growth for short-term gains – even when they don’t have a vested interest in the business after the transaction. It is in these types of situations that “patient capital” can play a key role in alleviating these types of concerns. This is especially true in smaller, low- to mid-market transactions, where the parties frequently have a more-personal relationship with the business (e.g. founders, multi-generation family owners) and ascribe a greater value to the “intangibles” involved in a transaction.

Ultimately, the fundamentals will still be the fundamentals. The highest bidder will typically carry the day, and an appeal to “patient capital” is not likely to overcome a substantial difference in purchase price. Nonetheless, “patient capital” is a unique competitive advantage for family offices, which they can use to differentiate themselves and open the door to transactions that may otherwise be closed.

Minority investors beware, Delaware courts will not rewrite your operating agreement
A recent decision from Delaware’s Court of Chancery (the “Court”) makes clear that parties entering into an operating agreement for a noncorporate entity have wide discretion when structuring the rights of controlling and minority investors. It is possible for parties to waive fiduciary duties they might otherwise be owed, or to empower boards to engage in conflicted or self-interested transactions, and rarely will the implied covenant of good faith and fair dealing be available to a party seeking relief from onerous or unfair terms to which it expressly agreed. This freedom when contracting underpins the attractiveness of limited liability companies and limited partnerships; however, investors need to be mindful of potential outcomes permitted by a target entity’s governing documents in order to avoid a bad deal. The Court will not save them.
In Miller v. HCP, decided by the Court on February 1, 2018, a minority investor in a limited liability company challenged its board’s decision to sell the company without an auction process. The majority of the board was allied with a controlling shareholder entitled to the bulk of the modest sale proceeds due to the particulars of the entity’s operating agreement, whereas the minority investor who filed suit would receive very little compensation unless the company was sold at a much higher price. The board had little incentive to seek bids beyond what would satisfy the controlling shareholder and in fact did not pursue a fulsome auction process despite indications that other bidders might have been willing to pay significantly more for the company. The minority investor raised objections during the sale process and later claimed that the board breached its implied covenant of good faith and fair dealing by failing to try to maximize the sale price.
Significantly, under the terms of the operating agreement, the parties waived all fiduciary duties and granted the board sole discretion in pursuing a sale with an unaffiliated third party. The Court reasoned that the implied covenant of good faith and fair dealing—which is available to address contractual gaps the parties did not anticipate when negotiating the operating agreement —could not be invoked by the minority investor given there was not in fact a contractual gap implicated by the sale. Rather, since the operating agreement included an express waiver of fiduciary duty and a grant of authority to the board with respect to a sale process, and the slanted waterfall provision in black and white, the minority investor was stuck with the deal.
This unbending contractual overlay on the noncorporate form is in contrast to the world of corporations, where different standards of judicial review apply and boards have fiduciary duties to other investors that may not be waived. While the case remains subject to appeal, minority investors in LLCs or limited partnerships should be cautious since they choose to forego the statutory and common law protections tied to the corporate form and therefore must live with the operating agreement bearing their signature.
Hot topics: what’s next for private equity investing in health care

On February 8, 2018, the Los Angeles office of Nixon Peabody LLP hosted a Hot Topics in the Middle Market event entitled Private Equity Outlook: What is Next for Investing in Health Care. NP partners Stephen Reil, Jill Gordon, and Matt Grazier moderated a discussion featuring the following speakers:

-          Len Anderson, Managing Director, LHA Capital Partners

-          Jonathan Bluth, Sr. Vice President & Head of the Healthcare Group, Intrepid Investment Bankers

-          Steven Shill, Partner/National Leader, BDO Center for Healthcare Excellence & Innovation

-          Srin Vishwanath, CEO and Co-Founder, GreenWave Health Technologies

A summary of the panelists’ observations on the current state of the health care industry and investment opportunities is as follows:

Trends and Opportunities: In today’s health care market, private equity investors increasingly have the option to invest in patient-centric, cash-pay companies rather than providers that primarily rely on government and third party reimbursement models. The panelists agreed that behavioral health, including the areas of addiction, autism, and other mental disorders, represents a new frontier in the health care industry and has become increasingly viewed as an exciting area of investment.  Growth in the behavioral health industry is being driven by an increasing awareness of, and a lessening of the historical stigmas associated with, mental health issues.  Coupled with the sense of urgency that often accompanies patients seeking behavioral health treatment (who are increasingly connected to behavioral health communities via the internet and social media), the industry has transformed into a high cash pay, high volume and high growth sector. In addition, the panel recognized that there has been a stratification of the behavioral health field, with certain areas migrating toward in-network coverage while others remain out-of-network and primarily cash-pay.  This has created a dichotomy in the sector which presents opportunities for investors.  Going forward the question of whether behavioral health will be able to demonstrate patient outcomes and value will remain the critical questions for the industry and its investors.  Finally, the rise of digital health has led to an explosion of international investment and medical tourism, with international investors, often from China, exporting diagnostic and digital medicine models to their home countries.

Dedicated Health Care Funds:  The panel discussed the recent rise of health care specific private equity funds that not only have a high level of understanding of the field’s regulatory concerns, but also strong relationships with regulatory agencies. In the past, less-sophisticated investors have had difficulty understanding health care business valuations and deal structures due to an inability to economically quantify the industry’s risks. Now, industry savvy investors are differentiating themselves through depth of reach and connectivity.  Coupled with their newfound regulatory expertise, many health care-centric private equity investors are able to not only identify appropriate targets and close deals but, post-closing, they are able to fundamentally change the growth trajectory of the target business and drive the value needle.

Digital Apps and Devices: There was general consensus among the panelists that investors are increasingly looking outside of the four walls of the hospital to alternative investment opportunities in patient-centric care. Specifically, ancillary services have become a primary area of focus as a way to identify and eliminate adverse events, and ultimately as a means to reduce the overall costs of care. In particular, investment in companies providing health services digitally through digital apps and devices and through telehealth and telemedicine (the panel used the example of rural hospitals accessing physician specialists through web and phone conferencing applications).  These companies are disrupting the industry, blurring the lines of how and where care is provided and effecting how providers are paid.  This growing portfolio of health care / technology hybrids has created ample opportunity for private equity investors looking for targets and, ultimately, returns.

Contract 1 v. Fraud 0

Fraud. It’s something that we hope to never come across in a transaction, but the unfortunate reality is that it occurs from time to time and those involved in corporate transactions would be well-served to have at least a basic understanding of how it will be treated by courts.

A recent case – Teva Pharmaceuticals v. Fernando Espinosa Abdala, et. al. (Index No. 655112/2016, (July 31, 2017 N.Y. Sup. Ct.)) – provides some valuable insights in this area. In this case, Teva Pharmaceuticals (“Teva”) acquired a pharmaceutical company (the “Target”) and related intellectual property from two brothers for $2.3 billion, and after the transaction closed, Teva brought a fraud claim against the brothers alleging that: (i) the Target was selling pharmaceutical drugs that had not been approved by the Mexican government and (ii) the brothers had concealed this from Teva.

One of the key issues in this case was whether Teva could use evidence from the due diligence phase of the transaction to support their fraud claim.  The sellers argued that this evidence was barred because the purchase agreement contained a non-reliance provision, wherein Teva agreed that it was relying solely on the representations and warranties in the purchase agreement and not on “any materials made available to [Teva], during the course of its Due Diligence Investigation.”

Ultimately, the court sided with the sellers and enforced the non-reliance provision.  For some, this may be a surprising result because the alleged fraud goes directly to the very heart of the transaction.  A seemingly fundamental expectation of acquiring a pharmaceutical company would be that it is selling its pharmaceutical drugs legally. Moreover, Teva paid a substantial amount for the Target – $2.3 billion.  However, the court reasoned that the non-reliance provision in the contract was “specific” and thus, reflected the intent of the parties to be bound by it. It also pointed to the fact that Teva “is a sophisticated entity and performed extensive diligence.”

This case contains a number of valuable lessons and reminders for those involved in corporate transactions – namely:

·      To not gloss over non-reliance provisions, which are often viewed as part of the “boilerplate;”

·      For sellers, to incorporate references to the diligence process in their non-reliance provisions; and

·     For buyers, to undertake a thorough diligence process because as seen in the Teva case, the remedies for any issues that are not discovered in the diligence process may be limited.

Hope springs eternal: private equity M&A in 2018
2017 was a year of some apprehension for dealmakers. Political uncertainty in the United States and the Eurozone dampened the global economic outlook and many dealmakers remained hesitant to pull the trigger on potential transactions. In the end, however, many of these fears proved unfounded. 2017 saw steady economic growth in the United States, an economic recovery in the Eurozone, economic resilience in China and a bullish stock market (all buoyed by supportive monetary policy from central banks). As 2018 gets underway, Deloitte reports that 68 percent of surveyed executives at U.S.-headquartered corporations and 76 percent of leaders at domestic-based private equity firms believe deal flow is set to increase in the next 12 months. For the private equity industry, this may mean that, at least in the near term, good times are ahead.
As with other dealmakers, private equity mergers and acquisitions activity in 2017 lagged behind past years due to political and regulatory uncertainty and sky-high asset valuations. Though these concerns may carry over into 2018, a massive stockpile of dry powder (a result of years of strong fundraising activity) and continued macroeconomic growth will compel private equity sponsors to seek out and close new deals. At the same time, private equity mergers and acquisitions activity in 2018 will be heavily influenced by high transaction multiples, a continued lack of high quality assets in the market and competition from strategic buyers. To maneuver in this environment and still generate the returns expected from their asset class, private equity sponsors will seek to be creative in how they approach deals in 2018. Some will look to an increasingly diverse set of transaction structures beyond the traditional buyout model, including minority investments, joint ventures and other partnerships between private equity sponsors and strategics. Additionally, private equity sponsors will continue to hone their sector expertise as a way to differentiate themselves in an overcrowded market, drive deal value and compete with rival strategics. Finally, the middle-market will remain particularly attractive for private equity mergers and acquisitions as even large sponsors will move down market in search of quality assets and add on acquisitions to drive growth in their existing portfolios.
On the wary side, private equity sponsors will likely experience increased competition in 2018 from strategic players as organic growth remains elusive. A raging stock market coupled with the newly reduced corporate tax rate will (presumably) augment corporate balance sheets and provide strategics with even more ammunition for acquisitions. In the middle-market private equity space sponsors will face increased competition from direct investors and family offices. Family offices in particular can offer long-term investing strategies, patient capital and a more personalized message to those family owned businesses that are looking to take chips off the table rather than completely exit.
Regardless, 2018 is poised to be a strong year for private equity mergers and acquisitions. Political uncertainty in 2017 proved to be little match for the resolve of dealmakers, and there is little reason to believe 2018 will be different. Despite an increasingly crowded field of competitors, private equity sponsors that are able to take advantage of sector specializations and craft creative deal structures will be well positioned to ride the tail winds of the current macroeconomic growth cycle and find returns for themselves and their limited partners.
Nixon Peabody releases 16th Annual Material Adverse Change Survey
This week, Nixon Peabody issued its 16th Annual MAC Survey, which reviews the material adverse change provisions in M&A deal documents to gauge what is market in terms of the deal protections afforded by MAC clauses. The survey analyzed over 200 publicly filed M&A agreements involving deals with values ranging from $100 million to over $85 billion. 

Our annual review of MAC clauses in acquisition agreements over the past 16 years has evinced a dealmaking climate highly sensitive to developments both in the United States and globally. Each year, the survey provides a renewed opportunity to examine the market’s responses to shifts in the myriad economic, geopolitical and societal forces that shape the manner and environment in which M&A transactions are executed. With each survey we conduct, we capture a more robust picture of M&A trends.

We hope you enjoy reading this year’s survey.  We will continue to monitor closely how the dealmaking market responds to these and other developments in the years to come.  The survey can be found on Nixon Peabody’s web site by clicking this link

16th Annual MAC Survey Infographic 
Cybersecurity due diligence in M&A transactions
Cybersecurity due diligence in M&A transactions has increased in importance as cybercrime has emerged as an increased threat many companies face.
When a buyer is acquiring a company, the buyer is acquiring all of the seller’s data or digital assets—such as customer data, trade secrets, know-how and business plans. These digital assets are subject to theft and destruction and may trigger compliance with cybersecurity and privacy mandates from regulators in the United States and overseas, which would subject a company to liability if such mandates are not complied with.  As a result, today’s buyer risks acquiring a company whose data may have already been compromised or otherwise assuming liabilities for past noncompliance with cybersecurity and data privacy laws. This is why cybersecurity due diligence has increased in importance over the years.
The following are three key areas to consider in cybersecurity M&A due diligence:

1. Review of the target company’s current cybersecurity policies. First, the diligence team should try to understand the current cybersecurity practices and procedures the target company currently has in place. This cyber risk assessment involves interviews of key staff at the target company (e.g., risk officer, CTO, CIO, CEO) and a review of relevant documents (e.g., security programs and procedures, crisis management and incident response plans, reports of vulnerability assessments and responses to incident reports, vendor audits and any resulting remedial measures). In addition, the diligence team should focus on the maturity and suitability of the target company’s cybersecurity governance and vendor management, the terms of any cyber insurance policies, the existence of any past cybersecurity incidents and how such incidents were handled and whether the target company has interacted with regulators or law enforcement with respect to potential cybersecurity incidents.
2. Review of the target company’s network security conducted by an outside firm. If the target company has never engaged a third-party forensic firm to conduct vulnerability assessments and penetration testing, the buyer may want to retain a third-party firm to undertake its own cybersecurity risk testing on the target company’s network. Such testing could even include searches on the dark web to see whether the target company’s customer data or intellectual property is already compromised and available for sale. This cybersecurity risk testing typically involves a two to four week engagement depending on the situation.
3. Deal terms in the acquisition document. The representations and warranties concerning cybersecurity in the purchase agreement should be drafted to require the target company to disclose as much as possible about any potential cybersecurity violations and should be tailored to the target company’s industry and regulatory environment. In addition, the representations and warranties should cover compliance by the target company of applicable cybersecurity and data privacy laws, its own internal and external privacy policies and the absence of unauthorized access to the target company’s network.
Indemnities may also be used to hold the target company responsible for its representations and liable for hidden or undisclosed cybersecurity and data privacy liabilities that arise after closing. If the transaction involves an executory period in between signing and closing, the purchase agreement may include a covenant requiring the target company to implement ongoing safeguards of sensitive information during such period. Due diligence findings may also require the addition of certain tailored closing conditions requiring the target company to take steps to address noncompliance issues or to implement missing IT safeguards.
To conclude, M&A due diligence is important in uncovering and protecting against key risks in a transaction. In our data-driven economy, cyber risk must not be overlooked and should be included as standard M&A due diligence.
Top 5 ways for private equity professionals to handle tense negotiations

It’s a fact of life in the PE world.  Negotiations can get tense.  Even when the parties seem very well aligned – there is an eager seller who is ready for an exit, the parties have already negotiated a robust letter of intent that covers many of the major deal points, etc. – there is nearly always one or two points in the process where tensions rise and it feels like the deal could be in jeopardy.  Whether it involves negotiating a purchase price reduction due to a less-than-optimal last minute due diligence finding, talking to a business owner about his role in the business (or lack thereof) following closing or another equally fraught deal-specific issue, there are things that you can do as a private equity professional to keep the deal on track despite these difficult conversations and optimize outcomes in the process. 

So how can a private equity professional approach a potentially tense negotiation in order to keep a transaction on-track and achieve the best possible result?  We asked our good friend, Jodi Coochise, a licensed psychologist and behavioral finance consultant and coach, to recommend her Top 5 ways to handle a tense negotiation in the PE space.  Here are few things that you can do and keep in mind when dealing with a difficult topic in order to keep the negotiation grounded, focused and moving in a positive direction.

1.     Set Clear Goals Ahead of Time.  Establish a mutual goal before jumping into the negotiation. Often we assume this goal is self-explanatory or has already been determined. However, spending some additional time on this step at the beginning of the conversation can help set a tone of mutual respect and ensures there are no hidden agendas or expectations that might derail the conversation later.

2.     Start with the overlap. When two people enter a negotiation meeting, they are primed to “fight” for what they believe to be fair. Starting a dialogue from this “fighters” mindset often results in tension and disagreement taking center stage in the conversation. Focusing on the differences also reinforces the attitude of being on opposite sides, which can make negotiating more difficult. It may seem counterintuitive to start the conversation on things the two sides agree on, but doing so fosters a tone of agreement and compromise that will be necessary once you get to the items that are likely to be stickier.

3.     Don’t ignore the vibe.  Pay just as much attention to the “mood in the room” as you do the content of the discussion. When we neglect our awareness of how others are responding emotionally we leave ourselves vulnerable to stumbling into a failed negotiation. As tensions build, people’s behaviors start to change. You might notice raised voices, people may cut each other off and start responding with flippant or sarcastic comments. These types of reactions can trigger defensiveness and anger and can derail a fruitful discussion. When you are able to monitor any changes in the tone or emotion of the room, you can take steps to reduce that tension before reactions boil over. You might suggest taking a break to let emotions cool, revisit the mutual goal established at the beginning of the discussion, or just take a deep breath to ground yourself. Remember that when our emotions run high we are less likely to think clearly, which interferes with the original goal of finding a shared outcome.  When attention shifts away from the shared outcome, it can instead swing the focus towards “winning” or in some cases, “harming” the other person, which will likely not lead to productive results.

4.     Remember that coercion is not the same as negotiating. It’s important to be mindful of when we are pushing too hard or trying to control the conversation. Cutting others off, speaking in absolute terms, asking leading questions, and using attacking statements are all ways we can be too aggressive and end up derailing a negotiation. By paying attention to these conversation-stoppers when they pop up, you can change course and work on asking open-ended questions, giving everyone the space to express their points of view and regain a tone of mutual respect.

5.     Don’t underestimate the power of softening the message. Most of us have an internal alarm that goes off when it feels like someone is imposing their will on us. We instinctively react by digging into our point of view, pushing back with an equal amount of force or checking out of the conversation altogether. This is far from ideal when the hope is to reach a shared agreement. Softening your message slightly can help to re-engage the other person in the dialogue. You don’t have to change to a weak argument or abandon your perspective. However, by using statements like, “In my opinion…,” “It appears….,” or “I’m wondering if….”, you demonstrate that you are open for a dialogue and willing to hear another person’s perspective. Make sure to present things as your point of view, not as a universal fact.

Many thanks to Jodi Coochise for her contribution of this blog post.  Jodi received her Ph.D. in Counseling Psychology from Colorado State University.  She is a Licensed Psychologist who divides her time between a clinical practice and working in the financial industry.  Jodi’s non-clinical work includes consulting with financial advising firms, where she provides coaching for advisors around integrating Behavioral Finance principles into their client interactions.

Check out Jodi’s prior post, Top 5 ways to approach negotiations with an emotional seller.

Management structure in purchases of Certified Home Health Agencies and Licensed Home Care Services Agencies in New York State

In New York State, there is a hot market for the purchase and sale of licenses to operate Certified Home Health Agencies (“CHHAs”) and  Licensed Home Care Services Agencies (“LHCSAs”) because a moratorium on the issuance of new licenses by the New York State Department of Health (“DOH”).

Deals with LHCSAs and CHHAs are very similar to other M&A transactions, with the main difference being that title cannot actually change hands until final approval of the transfer has been obtained from the DOH.  The approval process typically lasts about a year, but can last longer if there are issues with the application for approval.  The crux of the matter is that timing is largely outside of the control of the parties.  As such, there is a much longer delay between signing and closing than the typical time period for other M&A transactions.

Another distinguishing factor about these deals is that buyers often pay a significant portion of the purchase price upfront – sometimes as much as half, with more paid over time prior to closing – because the market is seller-driven.  The combination of the significant upfront investment by the buyer and the long delay between signing and closing creates an interesting dynamic between a buyer that is eager to begin running and growing the business and a seller that is unmotivated to focus on the business, having already realized a large chunk of its return on its investment. 

As much as a buyer may want to get into the business in order to revitalize it, protect its investment and start the process of turning a profit as soon as possible, legally, the seller cannot step aside and hand the business to the buyer until the closing has occurred, which requires DOH approval.  Therefore, as title and the license remains in the hands of the seller, but the incentive to run the business lies with the buyer, the parties are at an impasse.

Buyers and sellers have contracted around this situation by entering into two consecutive agreements.  In order to enable the buyer to start running the business and to free the seller up to move on to other things, the parties enter into a consultative agreement and a management agreement, whereby the seller hires the buyer to run the business during the time between signing and closing. 

The consultative agreement is short-term and somewhat limited in the powers that it delegates to the buyer.  The parties must provide notice of the consultative agreement to the DOH, which is useful because the unimposing notification requirement allows the agreement to go into effect immediately following the signing.  The main purpose of the consultative agreement is to allow the buyer to transition to managing the business while the parties obtain approval of the management agreement. 

The management agreement has a longer term than the consultative agreement, and it provides significant management power to the buyer, while reserving ultimate authority and responsibility to the seller.  Once approved by the DOH, which usually takes a few months, it remains in effect until the closing is consummated, and title passes to the buyer.  Under the management agreement, the seller hires the buyer as a manager, which gives the buyer generous power to run the business while the parties obtain approval of the overall transaction.

Under both agreements, the buyer/manager earns a fair market value management fee, which fee is paid out of the profits of the CHHA or the LHCSA.  While any profits above the management fee technically remain the property of the seller prior to the closing, the parties typically provide that any such profits earned on the buyer/manager’s watch are set aside and pass along with the other assets or the equity of the company to the buyer at the closing. 

This structure, which is composed of a series of agreements that create relationships between the buyer and the seller, accommodates the fact that there will be a delay between essentially buying the business and owning the business, while respecting the regulatory framework of ownership and management of such entities.

Cybersecurity for private equity: strategies to avoid being the next cyber target

On May 23, 2017, the Association for Corporate Growth hosted a webinar on Cybersecurity for Private Equity – Strategies to Avoid Being the Next Cyber Target, which was presented by security experts Kaleigh Alessandro, Bob Shaw and Matt Donahue, each with Eze Castle Integration. The panel of security experts discussed today’s cyber threats, strategies to protect a company from cyber attacks, ways to mitigate vendor risk and the human factor involved in all cyber attacks.

The cyber threats that exist today will be different tomorrow, as this is an evolving and ever-changing landscape. Some current cyber threats are malware / ransomware, social engineering / phishing scams, espionage / cyber terrorism, hacktivism, insider threats and cybercrime. Any company that handles sensitive data is at risk, and may be a victim of, the foregoing cyber threats. If a private equity firm falls victim to such cyber threats, then it will face various risks including business, operational and reputational risks, regulatory risks and investment risks.

For a company to protect itself from cyber threats and cyber attacks, a company needs to implement layers upon layers of security across the company to protect itself from, and decrease the risk of falling victim to, a cyber threat.  The main security layers are identify, protect, detect, respond and recover.  There are various mechanisms that a company can implement to detect current weaknesses and protect against future cyber threats, including:

Performing internal vulnerability assessments to determine weak links in a company’s network, which assessments should be completed at least on an annual basis;

implementing technology safeguards (such as requiring strong passwords that are changed often, backing-up data, managing and implementing patches from Microsoft and other vendors, updating older operating systems, encrypting data and communication and having a VPN for remote access);

having a written security policy in place which will be helpful when training employees;

implementing a data governance platform so that a company can determine which employees access files and what such employees do with those files; and

training all employees on the company’s policies and procedures around cyber security and on the most up-to-date security threats.

Cyber security detection and protection within a company should be ongoing and constantly evolving. With respect to recovery from a cyber attack, the response plan should be realistic and should involve internal staff across the board of a company, as well as outside counsel.  A company should test its response plan by running through such procedures to make sure that employees are well-prepared for a cyber attack and that the response plan is achievable upon implementation. This response plan, like cyber security detection and protection, should be continuously updated and reevaluated.

A company should also mitigate vendor risk as much as possible by implementing a process or checklist for third party IT security due diligence, as a company needs to understand what weaknesses its vendors have and how such weaknesses are being addressed as well as the business continuity and disaster recovery plans that have been implemented by such vendors.  In addition if a vendor’s IT security policies change, then the company should be receiving a notice with respect to such changes.

There is a human factor for every cyber threat, and a company should train its employees so that they are aware of the procedures and policies that are in place around cyber security.  A company needs its employees to understand that they each have roles and responsibilities with respect to cyber security and they will be held accountable to comply with such roles and responsibilities to ensure that the company is protected from the ever-changing landscape of cyber threats.

1 - 10 Next

Privacy Policy | Terms of Use and Conditions | Statement of Client Rights
This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP
Other Blogs
There are no items in this list.